From owner-freebsd-net@freebsd.org Wed Jun 24 16:35:49 2020 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id D441A352D1B for ; Wed, 24 Jun 2020 16:35:49 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 49sTKd4YhZz4N0g for ; Wed, 24 Jun 2020 16:35:49 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: by mailman.nyi.freebsd.org (Postfix) id 9A383352B88; Wed, 24 Jun 2020 16:35:49 +0000 (UTC) Delivered-To: net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 98C47352A53; Wed, 24 Jun 2020 16:35:49 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com [24.113.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "ultimatedns.net", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49sTKd1Y0Xz4Mgq; Wed, 24 Jun 2020 16:35:48 +0000 (UTC) (envelope-from bsd-lists@BSDforge.com) Received: from udns.ultimatedns.net (localhost [IPv6:0:0:0:0:0:0:0:1]) by udns.ultimatedns.net (8.15.2/8.15.2) with ESMTPS id 05OGa8DH047122 (version=TLSv1.2 cipher=DHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Wed, 24 Jun 2020 09:36:14 -0700 (PDT) (envelope-from bsd-lists@BSDforge.com) X-Mailer: Cypht MIME-Version: 1.0 Cc: "current@freebsd.org" , "net@freebsd.org" , "freebsd-hackers@freebsd.org" In-Reply-To: <113821592986861@mail.yandex.ru> From: Chris Reply-To: bsd-lists@BSDforge.com To: "Alexander V. Chernikov" , "Rodney W. Grimes" , Hiroki Sato Subject: Re: routed && route6d removal proposal Date: Wed, 24 Jun 2020 09:36:14 -0700 Message-Id: <4dfcc0c99086b023a1508e5a7f60a0af@udns.ultimatedns.net> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 49sTKd1Y0Xz4Mgq X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [0.00 / 15.00]; ASN(0.00)[asn:11404, ipnet:24.113.0.0/16, country:US]; local_wl_ip(0.00)[24.113.41.81] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Jun 2020 16:35:49 -0000 On Wed, 24 Jun 2020 10:07:34 +0100 Alexander V=2E Chernikov melifaro@freebsd=2E= org said > 22=2E06=2E2020, 14:54, "Hiroki Sato" : > > "Alexander V=2E Chernikov" wrote > > =C2=A0=C2=A0in <273191592779927@mail=2Eyandex=2Eru>: > > > > me> Hey, > > me> > > me> I would like to propose removal of sbin/routed and usr=2Esbin/route6d= =2E Please don't=2E > > > > =C2=A0I am still using both of them in production environments because = they > > =C2=A0work well at least for my configurations and most of promising > > =C2=A0alternatives are under GPL, not BSDL=2E +1 on this=2E I began using this around FreeBSD 6, and continued using it through 9=2E I also chose this as a solution for several of my clients=2E I use it because it's "cheap" -- simple, lightweight, and dependable=2E With near zero maintenance -- and it's already available in $BASE=2E While fairly utilitaria= n by today's standards=2E Sometimes you just need to get the job done, and this does just that=2E Which IMHO makes this a shinning star=2E Please don't remove this=2E It's going to make the lives of others a little more difficult=2E Thanks for taking time time to read=2E > That's actually a very good datapoint I certainly missed=2E > > > > =C2=A0Why do we need to rush to remove them? Discussion about whether w= e > There is no rush=2E In my opinion, popularity&usage of rip is going in one > direction, for the reasons stated in the original e-mail=2E > At some point in time it's worth checking the reality and verify whether = we > still need it in base or not=2E > I stated 2 week timeframe (though I admit I wrongly written Jun instead o= f > July) for collecting feedback to base a decision upon=2E > It looks like there is enough feedback already=2E > > =C2=A0should keep or remove such old bits tends to be controversial whe= n > > =C2=A0there is a user like me=2E I would agree with the removal if they w= ere > > =C2=A0harmful or impossible to maintain, but would not for the reason t= hat > > =C2=A0they are simply old and probably no one uses it today=2E Reason 1 a= nd > > =C2=A02 look like the latter at least to me=2E "too old to be worth keepi= ng" > > =C2=A0is a matter of degree=2E Uucp, rlogind, and timed should be removed > > =C2=A0(and were removed) because there are few non-FreeBSD platforms wh= ich > > =C2=A0support these protocols=2E RIP is still widely supported---just lik= e > > =C2=A0FTP, which nowadays no one prefers to use and major www browsers = are > > =C2=A0about to drop the support of---and not be considered an inherentl= y > > =C2=A0vulnerable protocol like telnet=2E And keeping these daemons is not > > =C2=A0harmful even for users who want to use third-party routing daemon= s > > =C2=A0you listed=2E > My concern is hidden housekeeping costs=2E You have to update the > documentation, where > it exists=2E There are some bugs and you have to do something there=2E There = are > security vulns or Coverity reports=2E > when you do a change, you have to verify it somehow and you have to tests= , > so you have to spend more time=2E > Each of it is a small thing by itself, but they add up and drain develope= r > time=2E >=20 > > > > me> 1=2E1=2E Nowadays the daemon name is simply misleading=2E Given situation > > me> described above, one does expect far wider functionality from the > > me> program named "route[6]d" than just RIP implementation=2E > > > > =C2=A0I do not think this is a good reason to remove something nor peop= le > > =C2=A0have got confused actually=2E If this is true, quagga or bird are m= uch > > =C2=A0worse=2E > > > > me> 2=2E Multiple routing stacks supporting all major routing protocol > > me> including RIP exists these days: bird, frr, quagga=2E Many BGP-only > > me> designs in are gaining popularity, so do bgp speakers such as exabg= p > > me> or gobgp=2E Nowadays, if one needs dynamic routing on the host, OSPF = or > > me> BGP speaker is the choice=2E FreeBSD packages contains well-maintaine= d > > me> ports for these=2E Having RIP[ng] speakers in base offers no advantag= e=2E > > me> > > me> 3=2E Both routed/route6d are largely unmaintained [4] and presents an > > me> additional attack vector=2E Here is the list of last non-trivial comm= its > > me> to routed/route6d: > > > > =C2=A0I think this is a separate issue=2E What attack vectors which are > > =C2=A0known to be vulnerable do they have? > I'm referring to the cases like SA 14:21 or SA 20:12=2E > > > > =C2=A0The small commit counts are not equal to its unreliability=2E Older > > =C2=A0daemons such as ppp(8), dhclient(8), ftpd(8), or bootpd(8) have > > =C2=A0received few substantial changes in recent years because they are > > =C2=A0mature=2E > Well, I see another alternative reason, but that's another discussion :-) > Also, dhclient got 50 commits in the last 4 years, so I wouldn't put it i= n > this list=2E > > > > =C2=A0I am not a strong protester and will be happy to keep them as por= ts > > =C2=A0if everyone wants to remove them and it will happen, but I would = like > > =C2=A0consistent criteria on removing software in the base system (they= do > > =C2=A0not need to be perfect nor strict, though)=2E I believe harmfulness= is > My criteria (briefly) is the "moral" staleness, existence of the viable > alternatives and no users=2E > I should have stated the latter more explicitly=2E > > =C2=A0more important than the fact that it is old or we have more choic= es > > =C2=A0in the ports tree=2E If we have negative factors on maintaining the= m, > > =C2=A0removing them would be one of the choices as a result=2E If the > > =C2=A0existing routed/route6d makes difficulty on people who want to us= e > > =C2=A0third-party routing daemons, it should be fixed=2E These kind of > > =C2=A0harmfulness look below the threshold to me at this moment though = I > > =C2=A0may be biased because I am still using them today=2E=2E=2E > > > > -- Hiroki --Chris